NoxPlayer, a popular emulator for gamers It was the target of an attack and caused ThaiCERT to issue a warning to uninstall or pause it first.
This was discovered by ESET’s analysis team, a well-known cyber security company, that the program was attacked as a Supply-Chain Attack and could potentially endanger users.
Such attacks Mainly focused on Asian gamers. It is an Operation called Operation NightScout that seized res06.bignox.com. Which is the internal structure of the system, including api.bignox.com It is an API structure that will be used to spread malware to its target.
NoxPlayer is an emulator for Android operating system available for both PC and Mac versions, developed by Hong Kong based company BigNox. And now it has around 150 million users from more than 150 countries around the world.
ESET reported that it started seeing signs of the attack as early as September 2020, but the real danger was noticed on January 25th. Without knowing how much of the user has been affected
However, if anyone is concerned that their own devices are at risk Can run the Antivirus program that they have in detail. Including checking the following files at the same time If found to be present in the device, remove it immediately.
C:Program FilesInternet Explorerieproxysocket64.dll
C:Program FilesInternet Explorerieproxysocket.dll
You can also download a network monitoring program like GlassWire to see if you are connected to these dangerous IP addresses / domains.
Which if found to be the victim Best of all, Thaicert recommends uninstalling immediately. And may need to reinstall the operating system to make sure that no more malware will be added to the system For anyone who still wants to come back to use this program in the future It may have to wait and see the response from NoxPlayer before the announcement to fix the problem followed or not and when
Sources: Thaicert, TheHackerNews, BleepingComputer